A typical organization’s environment consists of a myriad of applications and services, each with its own unique set of ongoing vulnerabilities and flaws that could ultimately lead to a data breach. This can make IT security and operations’ job difficult, as different departments and groups within a company may utilize specific software offerings to accomplish their job functions.

Cybercriminals are surprisingly lazy. Hackers are continuously cultivating their methods to achieve maximum impact with minimal effort. The adoption of a Ransomware-as-a-Service model is one example of such an achievement. But perhaps the apical point of cyberattack efficiency was achieved with the invention of the supply chain attack. A supply chain attack is a type of cyberattack where an organization is breached though vulnerabilities in its supply chain.

On January 6, 2021. Hafnium, a Chinese state-sponsored group known for notoriously targeting the United States, started exploiting zero-day vulnerabilities on Microsoft Exchange Servers. The criminals launched a deluge of cyberattacks for almost 2 months without detection. On March 2, 2021, Microsoft finally became aware of the exploits and issued necessary security patches. By that point, it was too late.

Honeytokens act like tripwires, alerting organizations of malicious threats lurking at the footsteps of their sensitive data. They're a very effective intrusion detection system. So effective, in fact, that the European Union Agency for Cybersecurity (ENISA) highly recommends their use in network security. If strategically distributed thought an ecosystem, honeytokens could event prevent supply chain attacks.

The SolarWinds supply chain attack against the US Government was the largest and most sophisticated breach in history. A post mortem operation is still underway and with every stage of its progression, cybersecurity experts become increasingly flabbergasted at the INNOVATIVE complexity of the techniques used. But despite nation-state's efforts to conceal their tactics, they left some highly-valuable clues about their methods that could be leveraged to sharpen supply chain attack defenses.

Supply chain attacks are on the rise, yet few businesses are equipped to face this threat. This could be due to a growing despondency towards cybersecurity in light of the SolarWinds attack. If the nation-state hackers were sophisticated enough to bypass highly-secure Government agency critical infrastructures, how could any organization prevent a supply chain attack? The answer is a change of mindset - don't assume a supply chain attack might occur, assume it will occur.

The SolarWinds supply chain attack has rocked the business world, stirring a whirlwind of supply chain security evaluations. The pernicious effects of the SolarWinds cyberattack (which is likely to take months to fully comprehend) reveals an uncomfortable truth causing stakeholders globally to reconsider their business model - vendors introduce a significant security risk to an organization.

The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world, yet few organizations are completely compliant with its statutes. Complacency is dangerous territory. Non-compliant entities could be fined up to £18 million or 4% of annual global turnover (whichever is greater). This post clearly outlines the standards set by the GDPR and provides a checklist to help organizations remain compliant.

A news feed isn't complete if it isn't peppered with data breach news. Every day prestigious businesses are falling victim to a pernicious threat expected to cost the world $10.5 trillion annually by 2025. The key to overturning the formidable upward data breach trend is to prevent the events that could potentially develop into data breaches. All data leaks need to be identified and remediated before they are discovered by cybercriminals.

If you host a website, chances are good that you are running either Apache or Internet Information Services (IIS). Depending on the data source, they are two of the most common web server platforms, comprising a virtual triumvirate with Nginx for control of the market. They each also have their passionate supporters and haters. In fact, IIS vs. Apache flame wars are many times really spillover or proxy tirades of ‘Microsoft vs. Linux’.